Lucene search
GoogleOSV:GHSA-4465-R2HG-V4RJHistoryMay 17, 2022 - 4:52 a.m.
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-1704:52:06
Google
osv.dev
8
0.001 Low
EPSS
Percentile
46.5%
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the “second layer” of the API, related to contact.getquick.
Related
cve
cve
CVE-2013-4662
2014-01-29 18:55:26
prion
prion
Sql injection
2014-01-29 18:55:00
debiancve
debiancve
CVE-2013-4662
2014-01-29 18:55:26
cvelist
cvelist
CVE-2013-4662
2014-01-29 18:00:00
nvd
nvd
CVE-2013-4662
2014-01-29 18:55:26
github
github
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-17 04:52:06